Organizations blame their own staff for cloud security incidents

When systems are in the cloud, 45 percent of organizations perceive their own employees to be the biggest security risk, according to a new report.

According to user behavior specialist Netwrix, even though the majority of attacks they experienced over the year were external, organizations blame their own IT staff (39 percent) and business users (33 percent) as much as or more than their cloud providers (33 percent).

The report shows the most common cloud security concerns are the risk of unauthorized access (69 percent), the risk of malware infiltration (50 percent) and companies’ inability to monitor the activity of their own employees in the cloud (39 percent).

The share of organizations that have complete visibility into the activity of their IT staff (28 percent), business users (17 percent), third parties with legitimate access (12 percent) and service providers (nine percent) is low and needs to be improved.

"Although most actual security attacks were external, cloud customers mostly blame their own users for incidents in the cloud and see them as the biggest threat to security," says Michael Fimin, CEO and co-founder of Netwrix. "Why? Even if insiders are not malicious, they still can unwittingly help attackers get into the environment, whether due to a lack of knowledge about risks, negligence or mistakes. To address the human factor in all its forms, organizations need a complex approach that includes at least three components: employee training, top management support for security initiatives, and pervasive visibility into user activity to detect attacks and minimize the damage."

Among other findings are that only 66 percent of surveyed IT teams have top management's support for security initiatives for the cloud. Yet despite this 42 percent of the organizations surveyed are ready to embrace the cloud more fully, while 47 percent are not ready for one or more reasons.

Even though 86 percent of organizations said in 2016 that they were not ready for a big cloud move, one year later, 31 percent of respondents say they are planning a complete migration to the cloud in the next five years. The majority of organizations plan to start storing sensitive data in the cloud or move more data there. This includes customer (50 percent), employee (45 percent) and financial (37 percent) information.

Of the measures aimed at strengthening security employee training comes top on 55 percent, followed by enforcement of stricter security policies (53 percent) and deployment of vendor security solutions (39 percent).

You can read more and get a copy of the full report on the Netwrix blog.